I am using Stunnel, Varnish, and nginx with a nodejs app, and I'm having trouble redirecting non-https pages (http://manager.domain.com) to their respective https page (https://manager.domain.com). I just get stuck in a redirect loop because all the traffic passes through varnish first. The main reason for this set up is to use sockets with ssl.

Stunnel listens on port 443. It terminates SSL connections and passes traffic to Varnish on port 80. Varnish listens on port 80 and splits other traffic as required between Nginx on 81 and Node.js on port 3000. Nginx listens on port 81. It serves static files and other non-Node.js pages.

Varnish listens on port 80 and redirects non-proxied traffic to port 443 - I don't see where it's configured to redirect, I'm only seeing redirection in the nginx config; can you clarify how this aspect is supposed to function?
–
Shane Madden♦Oct 19 '12 at 0:35

1 Answer
1

You have two server blocks on port 81 with manager.domain.com configured as a host header - nginx has no way to know whether a request went through stunnel or not, so the first one wins and the redirect always occurs.

I'd recommend either having Varnish do the redirecting based on whether the request came from stunnel or not (check the request's client.ip - 127.0.0.1 means it's from stunnel), or have Varnish mark the requests from stunnel with a header so that nginx can decide how to handle them.

Thanks for the tip. Do you know how to do a redirect in Varnish? Not too many quality examples come up in google.
–
Errol FitzgeraldOct 19 '12 at 1:25

Since you want to avoid using a backend for the response, you need to avoid the 'normal' process; if the request should be redirected (didn't come through stunnel) run error 301; in vcl_recv, then in vcl_error do a set obj.http.Location and return(deliver);.
–
Shane Madden♦Oct 19 '12 at 6:09